US20120317651A1 - Information terminal and information leakage prevention method - Google Patents

Information terminal and information leakage prevention method Download PDF

Info

Publication number
US20120317651A1
US20120317651A1 US13/451,319 US201213451319A US2012317651A1 US 20120317651 A1 US20120317651 A1 US 20120317651A1 US 201213451319 A US201213451319 A US 201213451319A US 2012317651 A1 US2012317651 A1 US 2012317651A1
Authority
US
United States
Prior art keywords
information terminal
information
state
control unit
prevented
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/451,319
Other versions
US8978156B2 (en
Inventor
Shunsuke Saito
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Intellectual Property Management Co Ltd
Original Assignee
Panasonic Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Panasonic Corp filed Critical Panasonic Corp
Assigned to PANASONIC CORPORATION reassignment PANASONIC CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SAITO, SHUNSUKE
Publication of US20120317651A1 publication Critical patent/US20120317651A1/en
Assigned to PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD. reassignment PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PANASONIC CORPORATION
Application granted granted Critical
Publication of US8978156B2 publication Critical patent/US8978156B2/en
Assigned to PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD. reassignment PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD. CORRECTIVE ASSIGNMENT TO CORRECT THE ERRONEOUSLY FILED APPLICATION NUMBERS 13/384239, 13/498734, 14/116681 AND 14/301144 PREVIOUSLY RECORDED ON REEL 034194 FRAME 0143. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: PANASONIC CORPORATION
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/26Power supply means, e.g. regulation thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Definitions

  • the present invention relates to information terminals, and particularly to an information leakage prevention method in a case where an information terminal including a laptop personal computer is in a state in which information leakage should be prevented, such as when the information terminal is lost or stolen.
  • an owner of a stolen radio portable terminal issues a stolen notification from another terminal to an information center where portable terminals are administrated, and the information center wirelessly sends a system lock request to the target terminal in response to the notification. Then, the internal data on the stolen portable terminal is deleted.
  • a third party cannot access a wireless network nor view the internal data, such as an address list, after the portable terminal is lost or stolen. Therefore, the security of the portable terminal is maintained.
  • the start operation is performed via a wireless connection. Therefore, a third party can easily sense that the information terminal is being started by the LCD backlight, the light emitted from various LED indicators, or the driving sound generated from the cooling fan, on start-up.
  • the third party senses the starting of the information terminal, the third party stops the wireless function of the information terminal, and then the start operation for the information terminal via a wireless connection is disabled, whereby the data saved on the storage device of the information terminal cannot be deleted after that. As a result, the data in the storage device might be read by the third party.
  • the present invention has an objective to provide an information terminal and an information leakage prevention method for reinforcing information security, including deleting data on the information terminal more certainly than in the conventional technique, when an information terminal is in a state in which information leakage should be prevented because it is lost or stolen.
  • an aspect of an information terminal includes: a nonvolatile storage unit which stores a flag that indicates whether or not the information terminal is in a state in which information leakage should be prevented; a start control unit which starts the information terminal and manages a power source of the information terminal; plural devices which operate upon starting of the information terminal; and a device operation control unit which controls operation of at least one of the devices.
  • the device operation control unit controls the at least one device so as to suppress operation that appeals to at least one of five senses of human being, when the flag stored in the nonvolatile storage unit indicates the state in which information leakage should be prevented.
  • FIG. 1 is a functional block diagram of an information terminal according to an embodiment of the present invention.
  • FIG. 2 is a flowchart showing operation of the information terminal according to the embodiment of the present invention.
  • FIG. 3 is a block diagram of the information terminal according to an example of the present invention.
  • FIG. 4 is a perspective view showing an outlook of the information terminal according to the example of the present invention.
  • FIG. 5 is a sequence diagram showing a processing order for preventing information leakage from the information terminal according to the example of the present invention.
  • FIG. 6 is a flowchart showing operation for preventing information leakage from the information terminal according to the example of the present invention.
  • FIG. 1 is a functional block diagram of an information terminal 20 according to an embodiment of the present invention.
  • the information terminal 20 includes, as main constituents, a nonvolatile storage unit 24 which stores a flag 24 a that indicates whether or not the information terminal 20 is in a state in which information leakage should be prevented, a start control unit 21 which starts the information terminal 20 and manages a power source of the information terminal 20 , a device group 25 (plural devices from 25 a to 25 c ) which operate upon starting of the information terminal 20 , and a device operation control unit 22 which controls operation of at least one of the device group 25 .
  • a nonvolatile storage unit 24 which stores a flag 24 a that indicates whether or not the information terminal 20 is in a state in which information leakage should be prevented
  • a start control unit 21 which starts the information terminal 20 and manages a power source of the information terminal 20
  • a device group 25 plural devices from 25 a to 25 c
  • a device operation control unit 22 which controls operation of at least one
  • the device operation control unit 22 controls the at least one device so as to suppress operation that appeals to at least one of the five senses of human being when the flag 24 a stored in the nonvolatile storage unit 24 indicates the state in which information leakage should be prevented.
  • the flag 24 a stored in the nonvolatile storage unit 24 indicates the state in which information leakage should be prevented.
  • the operation performed on start-up that appeals to at least one of the five senses of human being is suppressed, whereby it is hard for a third party to sense that the information terminal 20 is being started. Accordingly, the data in the information terminal 20 can be certainly deleted.
  • the “state in which information leakage should be prevented” stands for a state in which the information held on the information terminal should be prevented from being leaked to a person other than the owner (a third party).
  • Example of such a state includes: when the owner has lost the information terminal (lost state); when the information terminal is stolen (stolen state); when it is required to reinforce the security of the information held on the information terminal; when it is required to delete the information held on the information terminal; and when it is required not to be sensed by a human being that the information terminal is operating.
  • “operation that appeals to at least one of the five senses of human being” stands for operation of the information terminal which may be sensed by a human being by at least one of sense of sight, hearing, taste, smell and touch. The following describes specific examples.
  • the start control unit 21 starts or restarts the information terminal 20 when the flag is set to indicate the state in which information leakage should be prevented.
  • the device operation control unit 22 controls the at least one device so as to suppress the operation that appeals to at least one of the five senses of human being after the starting or restarting.
  • the flag 24 a is set to indicate the state in which information leakage should be prevented, restart is automatically performed so that the operation that appeals to at least one of the five senses of human being by the device is suppressed.
  • the information terminal 20 further includes a communication unit 23 which receives information via a wired or wireless connection.
  • the device operation control unit 22 sets the flag 24 a to indicate the state in which information leakage should be prevented when the communication unit 23 receives information showing that the information terminal 20 is in the state in which information leakage should be prevented (remote operation command for starting, for example).
  • the information terminal 20 further includes a data storage unit 27 which stores data, and a data recording unit 26 which records and deletes data on the data storage unit 27 .
  • the data recording unit 26 deletes the data on the data storage unit 27 when the flag 24 a stored in the nonvolatile storage unit 24 indicates the state in which information leakage should be prevented.
  • start control unit 21 turns off the power source of the information terminal 20 after the deletion of the data on the data storage unit 27 is completed.
  • the information terminal 20 has a start wait state in which the information terminal 20 waits for a starting (standby mode, for example), in addition to a normal operation state.
  • the communication unit 23 in the start wait state, the communication unit 23 is in a state in which the communication unit 23 is able to receive the information showing that the information terminal 20 is in the state in which information leakage should be prevented. That is, the communication unit 23 is supplied with power necessary for receiving.
  • the information terminal 20 is automatically started and processing for reinforcing security including data deletion can be performed.
  • the at least one device in the device group 25 performs at least one operation from among displaying, lighting of a backlight, lighting of an LED, rotating a blast fan, emitting sound from a speaker, operating an external input and output device that is connected to an external input and output port or an external input and output slot, and receiving a user input operation, as the operation that appeals to at least one of the five senses of human being.
  • the device operation control unit 22 causes the at least one device to stop or dim the displaying, the lighting of the backlight, and the lighting of the LED, as control for suppressing the operation that appeals to at least one of the five senses of human being.
  • the operation that appeals to the sense of sight of a third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • the device operation control unit 22 may cause the at least one device to stop or slow down rotating the blast fan, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
  • the operation that appeals to the sense of sight or sense of hearing of the third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • the device operation control unit 22 may cause the at least one device to stop emitting or reduce volume of the sound from the speaker, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
  • the operation that appeals to the sense of hearing of the third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • the device operation control unit 22 may cause the at least one device to stop operating the external input and output device that is connected to the external input and output port or the external input and output slot, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
  • the operation related to the external input and output is suppressed, whereby it becomes hard for a third party to sense that the information terminal is started and operating.
  • the device operation control unit 22 may cause the at least one device to stop receiving the user input operation, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
  • the operation related to the input operation is suppressed, whereby it becomes hard for a third party to sense that the information terminal is started and operating.
  • the following describes operation of the information terminal 20 (information leakage prevention method) according to the present embodiment as structured above.
  • FIG. 2 is a flowchart showing the operation of the information terminal 20 according to the embodiment of the present invention, namely, the information leakage prevention method according to the present invention.
  • the start control unit 21 starts the information terminal 20 (S 20 ), based on the remote operation command or the like received via the communication unit 23 .
  • the device operation control unit 22 checks a value of the flag 24 a stored on the nonvolatile storage unit 24 of the information terminal 20 .
  • the device operation control unit 22 controls at least one device from among the device group 25 of the information terminal 20 (S 22 ) upon starting of the information terminal 20 . More specifically, the device operation control unit 22 controls the at least one device from among the device group 25 so that the device suppresses the operation that appeals to at least one of the five senses of human being, and then starts the information terminal 20 .
  • the flag 24 a is set, by the device operation control unit 22 , to indicate the state in which information leakage should be prevented.
  • the information terminal 20 deletes the data stored on the data storage unit 27 after the information terminal 20 is started (S 23 ). It is to be noted that the power source of the information terminal 20 is automatically (namely, by the start control unit 21 ) turned off after the deletion of the data is completed.
  • the above information leakage prevention method may be realized as a program to be executed by a computer of the information terminal.
  • the program includes: starting the information terminal and managing a power source of the information terminal; and controlling, upon starting of the information terminal, operation of at least one of plural devices of the information terminal. In the controlling, the at least one device is controlled so as to suppress operation that appeals to at least one of the five senses of human being when a flag stored in a nonvolatile storage unit indicates a state in which information leakage should be prevented.
  • a program may be stored on a non-transitory computer-readable recording medium for use in a computer, such as a CD-ROM.
  • FIG. 3 shows a block diagram of an information terminal 34 according to the example of the present invention
  • FIG. 4 shows the perspective view showing its outlook.
  • the information terminal 34 is a laptop personal computer, a compact information terminal, or the like.
  • the information terminal 34 includes a device control unit 1 , an input device group 5 , an output device group 6 , a communication module group 7 , a CPU 2 of the information terminal 34 , a storage device 3 such as a hard disc drive (HDD) or a flash memory drive (SSD) on which personal information of an end user and confidential information of a company may be stored, and a heat radiating fan 4 for cooling the information terminal 34 .
  • the storage device 3 is an example of the data storage unit 27 in FIG. 1 .
  • the CPU 2 functions as the data recording unit 26 in FIG. 1 when accessing to the storage device 3 .
  • the heat radiating fan 4 is an example of the device group 25 in FIG. 1 .
  • the device control unit 1 is an example of the device operation control unit 22 in FIG. 1 , and includes a Basic Input/Output System (BIOS) 10 and a power source microcomputer 12 .
  • BIOS 10 has a function as the start control unit 21 in FIG. 1 and includes a nonvolatile storage area 11 that is an example of the nonvolatile storage unit 24 in FIG. 1 .
  • the start control unit 21 in FIG. 1 is typically realized by the BIOS 10 and the power source microcomputer 12 , it may be realized by a resident program not shown in the diagram in addition to or instead of the BIOS 10 and the power source microcomputer 12 .
  • the input device group 5 is an example of the device group 25 in FIG. 1 , and is an input human interface device such as a key board 51 , a touch screen 52 , a touch pad 53 , and a microphone 54 .
  • the output device group 6 is an example of the device group 25 in FIG. 1 , and is an output human interface device such as a display panel 61 , a speaker 62 , and LED indicators 63 and 64 .
  • the communication module group 7 is an example of the communication unit 23 in FIG. 1 , and includes modules for communication, such as a LAN module 71 , a wireless LAN module 72 , and a wide area wireless module 73 , and the firmware.
  • the external input and output device group 8 is an example of the device group 25 in FIG. 1 , and includes a port or a device slot group for external input and output, such as a USB port 81 , an SD card slot 82 , a DVD/CD drive 83 , a PC card slot 84 , and an ExpressCard slot 85 .
  • the following describes a flow of processing performed when the information terminal 34 structured as the above is lost or stolen, with reference to the sequence diagram shown in FIG. 5 and the flowchart shown in FIG. 6 .
  • the information terminal 34 is in a power-off state when it is lost.
  • the administrator 32 confirms whether the person is the owner 31 , connects an information terminal for operation (not shown) to an administrative server 33 using an administrative application, and operates the information terminal for operation, to update the state of the terminal of the owner on an administrative database from “normal” to “stolen state” (S 102 ).
  • the administrative server 33 uses the update as a trigger to transmit, to the information terminal 34 , a wide area wireless message (hereinafter also referred to as simply “message”) informing that the information terminal 34 has been changed to the “stolen state” (S 103 ).
  • messages a wide area wireless message
  • the message here is an example of the “information showing that the information terminal is in the state in which information leakage should be prevented”. That is, the “stolen state” is an example of the “state in which the information terminal is in the state in which information leakage should be prevented”.
  • the wide area wireless module 73 mounted in the information terminal 34 Upon receiving the message notifying that the information terminal 34 is changed to the “stolen state” (S 001 ), the wide area wireless module 73 mounted in the information terminal 34 automatically turns on the power source of the information terminal 34 (S 002 ). It is to be noted that the message here also informs that the data in the information terminal 34 is to be deleted, and is therefore also serves as a “delete command”.
  • an example of a method to automatically turn on the power source of the information terminal 34 includes: keeping the wide area wireless module 73 mounted in the information terminal 34 always supplied with power so that a message can be received; and, when a message is received by the wide area wireless module 73 , driving a signal to the power source microcomputer 12 of the information terminal 34 (whereby the power source of the information terminal 34 is turned on), that is, starting or restarting the information terminal 34 by the start control unit 21 .
  • the BIOS 10 determines whether or not the current starting is caused by the message notifying that the information terminal 34 is changed to the “stolen state” (namely, “delete command”) (S 003 ), and when the result shows that the current starting is caused by the message notifying that the information terminal 34 is changed to the “stolen state” (namely, “delete command”) (Y in S 003 ), updates the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11 of the BIOS 10 , to the “stolen state” (S 005 ).
  • the BIOS 10 does not change but keeps the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11 , as it is.
  • the device control unit 1 determines whether or not the flag, that indicates the state of the terminal and is stored in the nonvolatile storage area 11 of the BIOS 10 , is in the “stolen state” (S 004 ).
  • the device control unit 1 controls the device (S 006 ) according to an action setting that is preliminarily set for the stolen situation.
  • Information for identifying the action setting for the stolen situation is stored in the nonvolatile storage area 11 of the BIOS 10 .
  • the action includes: whether or not to disable the input from the key board 51 ; whether or not to disable the input from the touch screen 52 ; whether or not to disable the input from the touch pad 53 ; whether or not to disable the input from the microphone 54 ; whether or not to turn off or dim the backlight of the display panel 61 ; whether or not to mute or reduce volume of the sound from the speaker 62 ; whether or not to turn off or dim the LED indicators 63 and 64 ; whether or not to disable the input and output I/F of the USB port 81 ; whether or not to disable the input and output I/F of the SD card slot 82 ; whether or not to stop driving of the DVD/CD drive 83 ; whether or not to disable the input and output I/F of the PC card slot 84 ; whether or not to disable the input and output I/F of the ExpressCard slot 85 ; and whether or not to stop or decrease the number of rotation to slow down the heat radiating fan 4
  • the input device group 5 When the input device group 5 is set to be disabled, input operation by the key board 51 and the touch pad 53 becomes impossible.
  • the device group 6 When the device group 6 is set to be disabled, the display panel 61 and the LED indicators 63 and 64 are turned off.
  • the external input and output device group 8 When the external input and output device group 8 is set to be disabled, there is no response to various storage media inserted.
  • the heat radiating fan 4 is set to be disabled, the rotation sound of the heat radiating fan 4 disappears. Therefore, it appears to the third party as if the information terminal 34 were powered off even when the information terminal 34 has started.
  • the power source of the information terminal 34 is automatically (namely, by the start control unit 21 ) turned off (S 008 ).
  • the security measures can be performed again by using, as a trigger, the reception of the message notification S 103 by the information terminal 34 or the third party's turning on the power source of the information terminal 34 .
  • the information terminal 34 does not start even when the third party turns on the power source and the input and output operation cannot be performed even if the information terminal 34 starts, whereby the data cannot be read.
  • the third party turns on the power source of the information terminal 34 before the message S 107 informing that the information terminal 34 is changed to the “stolen state” is received, that is, when it is determined on start-up that the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11 of the BIOS 10 , is not in the “stolen state” (S 004 ), the information terminal 34 starts in the normal state (S 009 ).
  • the BIOS 10 can update the flag, that indicates the state of the terminal and is stored in the nonvolatile storage area 11 of the BIOS 10 , to the “stolen state” (S 011 ).
  • the information terminal 34 is forcibly powered off (S 012 ) and then restarted (S 002 ) (the restarting is performed by the start control unit 21 , for example) so that the process of the above step S 006 (security measures) is started. Therefore, even in such a case, with the action setting for the stolen situation, the security measures including the deletion of the data saved in the storage device 3 can be performed in the state in which it is hard to be sensed by the third party.
  • the event showing being stolen (“stolen event”) S 010 may be specified by the wide area wireless message from the administrative server 33 as in the present example, or, in some cases, the information terminal 34 itself generates such an event by periodically querying the administrative server 33 to check the administrative database held on the administrative server 33 .
  • the information terminal 34 may detect that it has been stolen by referring to the administrative database and generate an event showing that it is stolen.
  • the information terminal 34 voluntarily generates a stolen event due to an internal factor using its timer or sensor.
  • a stolen event is automatically generated: when no communication has been made between a specific server over a given period; when the information terminal 34 detects, by using an acceleration sensor, that it is suddenly moved; and when the information terminal 34 detects, by using a device capable of obtaining position information, such as a GPS or a wireless access point, that it has been carried outside of a given area.
  • the information terminal 34 includes a device control unit 1 , a CPU 2 , a storage device 3 , and optionally, various devices including a heat radiating fan 4 , an input device group 5 , an output device group 6 , a communication module group 7 , an external input and output device group 8 .
  • the device control unit 1 performs at least one or a combination of actions.
  • the actions include: disabling the input from the key board 51 ; disabling the input from the touch screen 52 , disabling the input from the touch pad 53 , disabling the input from the microphone 54 , turning off or dimming the backlight of the display panel 61 , muting or reducing volume of the sound from the speaker 62 , turning off or dimming the LED indicators 63 and 64 , disabling the input and output I/F of the USB port 81 , disabling the input and output I/F of the SD card slot 82 , stopping driving the DVD/CD drive 83 , disabling the input and output I/F of the PC card slot 84 , disabling the input and output I/F of the ExpressCard slot 85 , stopping or decreasing the number of rotation to slow down the heat radiating fan 4 .
  • the present example refers to reinforcing security by starting in a state in which it is hard to be sensed by the third party, it is expected that the security can also be reinforced by applying the present invention to an information terminal in a power-off state that is not necessarily in the stolen state. That is, the “state in which information leakage should be prevented” may include “when it is preferred that a third party cannot sense that the information terminal is started”, in the present invention.
  • the third party's defenses it is also expected to lower the third party's defenses. It is because, by applying the control performed by the device operation control unit in the above embodiment to the LED indicator 63 of the information terminal 34 that is powered off, it becomes impossible for the third party to sense that the wide area wireless module 73 is in a standby state.
  • the present invention is not determined by the embodiment and the example.
  • the present invention relates to information terminals.
  • the present invention particularly relates to prevention of information leakage for the case where an information terminal, through which important data such as personal information and confidential information of a company are communicated, is lost or stolen, and can make it harder for a third party to sense that a security function in which a certain time period is required, such as deletion of internal data, is being executed by remote operation. Therefore, the present invention can be applied to any information terminals typified by a laptop personal computer, a PDA, and a mobile phone.

Abstract

An information terminal includes: a nonvolatile storage unit which stores a flag that indicates whether or not the information terminal is in a state in which information leakage should be prevented; a start control unit which starts the information terminal and manages a power source of the information terminal; a device group which operate upon starting of the information terminal; and a device operation control unit which controls operation of at least one of the device group. The device operation control unit controls the at least one device so as to suppress operation that appeals to at least one of the five senses of human being when the flag indicates the state in which information leakage should be prevented.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • The present application is based on and claims priority of Japanese Patent Application No. 2011-092700 filed on Apr. 19, 2011. The entire disclosure of the above-identified application, including the specification, drawings and claims are incorporated herein by reference in its entirety.
    • TECHNICAL FIELD
  • The present invention relates to information terminals, and particularly to an information leakage prevention method in a case where an information terminal including a laptop personal computer is in a state in which information leakage should be prevented, such as when the information terminal is lost or stolen.
    • BACKGROUND ART
  • In recent years, it has become easier to carry personal information or confidential information of a company and to utilize such information anywhere, as a result of the spread of compact information terminals such as laptop personal computers, Personal Digital Assistants (PDA), and mobile phones. However, more and more information leak cases are occurring due to information terminals, such as laptop personal computers and compact information terminals, being lost or stolen.
  • Generally, as one of the methods for preventing information leakage from an information terminal such as a laptop personal computer or a compact information terminal which is lost or stolen, there is a method of deleting information in the terminal by remotely operating the terminal from a remote location via a wired or wireless connection (see Patent Literature (PTL) 1, for example).
  • In the subsystem for preventing illicit use of radio portable terminal disclosed in PTL 1, an owner of a stolen radio portable terminal issues a stolen notification from another terminal to an information center where portable terminals are administrated, and the information center wirelessly sends a system lock request to the target terminal in response to the notification. Then, the internal data on the stolen portable terminal is deleted.
  • Thus, a third party cannot access a wireless network nor view the internal data, such as an address list, after the portable terminal is lost or stolen. Therefore, the security of the portable terminal is maintained.
    • CITATION LIST Patent Literature
    • [PTL 1] Japanese Unexamined Patent Application Publication No. 8-251660
    SUMMARY OF INVENTION Technical Problem
  • However, with the method disclosed in PTL 1, a certain time period is required to delete all of the information saved on the storage device of the information terminal such as a laptop personal computer or a compact information terminal. Therefore, there is a problem that if a third party turns off the power source of the terminal or detaches the mounted battery in the meantime, the information leakage may be caused because the data deletion may not be completed.
  • Particularly, when the information terminal such as a laptop personal computer or a compact information terminal is not started, the start operation is performed via a wireless connection. Therefore, a third party can easily sense that the information terminal is being started by the LCD backlight, the light emitted from various LED indicators, or the driving sound generated from the cooling fan, on start-up.
  • In such a situation, if the third party senses the starting of the information terminal, the third party stops the wireless function of the information terminal, and then the start operation for the information terminal via a wireless connection is disabled, whereby the data saved on the storage device of the information terminal cannot be deleted after that. As a result, the data in the storage device might be read by the third party.
  • Therefore, the present invention has an objective to provide an information terminal and an information leakage prevention method for reinforcing information security, including deleting data on the information terminal more certainly than in the conventional technique, when an information terminal is in a state in which information leakage should be prevented because it is lost or stolen.
    • Solution to Problem
  • In order to solve the above problems, an aspect of an information terminal according to the present invention includes: a nonvolatile storage unit which stores a flag that indicates whether or not the information terminal is in a state in which information leakage should be prevented; a start control unit which starts the information terminal and manages a power source of the information terminal; plural devices which operate upon starting of the information terminal; and a device operation control unit which controls operation of at least one of the devices. The device operation control unit controls the at least one device so as to suppress operation that appeals to at least one of five senses of human being, when the flag stored in the nonvolatile storage unit indicates the state in which information leakage should be prevented.
    • Advantageous Effects of Invention
  • With the above structure, it becomes hard for a third party to sense that the information terminal is being started to delete the data on the storage device of the information terminal, whereby it is expected that the information security can be reinforced in the case where the information terminal is lost or stolen.
    • BRIEF DESCRIPTION OF DRAWINGS
  • These and other objects, advantages and features of the invention will become apparent from the following description thereof taken in conjunction with the accompanying drawings that illustrate a specific embodiment of the present invention. In the Drawings:
  • FIG. 1 is a functional block diagram of an information terminal according to an embodiment of the present invention;
  • FIG. 2 is a flowchart showing operation of the information terminal according to the embodiment of the present invention;
  • FIG. 3 is a block diagram of the information terminal according to an example of the present invention;
  • FIG. 4 is a perspective view showing an outlook of the information terminal according to the example of the present invention;
  • FIG. 5 is a sequence diagram showing a processing order for preventing information leakage from the information terminal according to the example of the present invention; and
  • FIG. 6 is a flowchart showing operation for preventing information leakage from the information terminal according to the example of the present invention.
    •  DESCRIPTION OF EMBODIMENT
  • The following describes an embodiment and en example of an information terminal and an information leakage prevention method according to the present invention, with reference to the drawings. It is to be noted that each of the embodiment and the example described below is a preferable specific example of the present invention. Numeric values, shapes, constituents, positions and topologies of the constituents, steps, an order of the steps, a communication sequence, and the like in the following embodiment and example are an example of the present invention, and it should therefore not be construed that the present invention is determined by the embodiment and the example. The present invention is determined by the statement in Claims. Accordingly, out of the constituents in the following embodiment and example, the constituents not stated in the independent claims describing the broadest concept of the present invention are not necessary for achieving the object of the present invention and are described as optional constituents included in a more preferable embodiment.
    • Embodiment
  • First, the information terminal and the information leakage prevention method according to the embodiment of the present invention are described.
  • FIG. 1 is a functional block diagram of an information terminal 20 according to an embodiment of the present invention. The information terminal 20 includes, as main constituents, a nonvolatile storage unit 24 which stores a flag 24 a that indicates whether or not the information terminal 20 is in a state in which information leakage should be prevented, a start control unit 21 which starts the information terminal 20 and manages a power source of the information terminal 20, a device group 25 (plural devices from 25 a to 25 c) which operate upon starting of the information terminal 20, and a device operation control unit 22 which controls operation of at least one of the device group 25.
  • Here, as a characteristic operation, the device operation control unit 22 controls the at least one device so as to suppress operation that appeals to at least one of the five senses of human being when the flag 24 a stored in the nonvolatile storage unit 24 indicates the state in which information leakage should be prevented. Thus, in a case where the information terminal 20 is in the state in which information leakage should be prevented because it is lost or stolen, when the information terminal 20 is automatically started to delete data inside the information terminal 20 by a remote operation command or the like, the operation performed on start-up that appeals to at least one of the five senses of human being is suppressed, whereby it is hard for a third party to sense that the information terminal 20 is being started. Accordingly, the data in the information terminal 20 can be certainly deleted.
  • It is to be noted that the “state in which information leakage should be prevented” stands for a state in which the information held on the information terminal should be prevented from being leaked to a person other than the owner (a third party). Example of such a state includes: when the owner has lost the information terminal (lost state); when the information terminal is stolen (stolen state); when it is required to reinforce the security of the information held on the information terminal; when it is required to delete the information held on the information terminal; and when it is required not to be sensed by a human being that the information terminal is operating. Here, “operation that appeals to at least one of the five senses of human being” stands for operation of the information terminal which may be sensed by a human being by at least one of sense of sight, hearing, taste, smell and touch. The following describes specific examples.
  • Here, the start control unit 21 starts or restarts the information terminal 20 when the flag is set to indicate the state in which information leakage should be prevented. The device operation control unit 22 controls the at least one device so as to suppress the operation that appeals to at least one of the five senses of human being after the starting or restarting. Thus, not only when the information terminal 20 is stopped (in a state in which the power source is turned off) but also when the information terminal 20 has been started, if the flag 24 a is set to indicate the state in which information leakage should be prevented, restart is automatically performed so that the operation that appeals to at least one of the five senses of human being by the device is suppressed.
  • The information terminal 20 further includes a communication unit 23 which receives information via a wired or wireless connection. The device operation control unit 22 sets the flag 24 a to indicate the state in which information leakage should be prevented when the communication unit 23 receives information showing that the information terminal 20 is in the state in which information leakage should be prevented (remote operation command for starting, for example).
  • Furthermore, the information terminal 20 further includes a data storage unit 27 which stores data, and a data recording unit 26 which records and deletes data on the data storage unit 27. The data recording unit 26 deletes the data on the data storage unit 27 when the flag 24 a stored in the nonvolatile storage unit 24 indicates the state in which information leakage should be prevented. Thus, when the information terminal 20 is in the state in which information leakage should be prevented, it is possible to certainly delete the confidential information and the like held on the information terminal 20 without being sensed by a third party.
  • It is to be noted that the start control unit 21 turns off the power source of the information terminal 20 after the deletion of the data on the data storage unit 27 is completed.
  • Furthermore, the information terminal 20 has a start wait state in which the information terminal 20 waits for a starting (standby mode, for example), in addition to a normal operation state. Here, in the start wait state, the communication unit 23 is in a state in which the communication unit 23 is able to receive the information showing that the information terminal 20 is in the state in which information leakage should be prevented. That is, the communication unit 23 is supplied with power necessary for receiving. Thus, even when the power source of the information terminal 20 is turned off, upon receiving the remote operation command by the communication unit 23, the information terminal 20 is automatically started and processing for reinforcing security including data deletion can be performed.
  • It is to be noted that the at least one device in the device group 25 performs at least one operation from among displaying, lighting of a backlight, lighting of an LED, rotating a blast fan, emitting sound from a speaker, operating an external input and output device that is connected to an external input and output port or an external input and output slot, and receiving a user input operation, as the operation that appeals to at least one of the five senses of human being.
  • Here, for example, the device operation control unit 22 causes the at least one device to stop or dim the displaying, the lighting of the backlight, and the lighting of the LED, as control for suppressing the operation that appeals to at least one of the five senses of human being. Thus, in the information terminal 20, the operation that appeals to the sense of sight of a third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • Furthermore, the device operation control unit 22 may cause the at least one device to stop or slow down rotating the blast fan, as the control for suppressing the operation that appeals to at least one of the five senses of human being. Thus, in the information terminal 20, the operation that appeals to the sense of sight or sense of hearing of the third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • Furthermore, the device operation control unit 22 may cause the at least one device to stop emitting or reduce volume of the sound from the speaker, as the control for suppressing the operation that appeals to at least one of the five senses of human being. Thus, in the information terminal 20, the operation that appeals to the sense of hearing of the third party is suppressed, whereby the information terminal 20 is started and the data in the information terminal 20 can be deleted without being sensed by the third party.
  • Furthermore, the device operation control unit 22 may cause the at least one device to stop operating the external input and output device that is connected to the external input and output port or the external input and output slot, as the control for suppressing the operation that appeals to at least one of the five senses of human being. Thus, in the information terminal 20, the operation related to the external input and output is suppressed, whereby it becomes hard for a third party to sense that the information terminal is started and operating.
  • Furthermore, the device operation control unit 22 may cause the at least one device to stop receiving the user input operation, as the control for suppressing the operation that appeals to at least one of the five senses of human being. Thus, in the information terminal 20, the operation related to the input operation is suppressed, whereby it becomes hard for a third party to sense that the information terminal is started and operating.
  • The following describes operation of the information terminal 20 (information leakage prevention method) according to the present embodiment as structured above.
  • FIG. 2 is a flowchart showing the operation of the information terminal 20 according to the embodiment of the present invention, namely, the information leakage prevention method according to the present invention.
  • First, the start control unit 21 starts the information terminal 20 (S20), based on the remote operation command or the like received via the communication unit 23.
  • Next, the device operation control unit 22 checks a value of the flag 24 a stored on the nonvolatile storage unit 24 of the information terminal 20. When the result shows that the flag 24 a indicates the state in which information leakage should be prevented (Y in S21), the device operation control unit 22 controls at least one device from among the device group 25 of the information terminal 20 (S22) upon starting of the information terminal 20. More specifically, the device operation control unit 22 controls the at least one device from among the device group 25 so that the device suppresses the operation that appeals to at least one of the five senses of human being, and then starts the information terminal 20.
  • When the communication unit 23 receives the information showing that the information terminal 20 is in the state in which information leakage should be prevented, the flag 24 a is set, by the device operation control unit 22, to indicate the state in which information leakage should be prevented.
  • Finally, the information terminal 20 deletes the data stored on the data storage unit 27 after the information terminal 20 is started (S23). It is to be noted that the power source of the information terminal 20 is automatically (namely, by the start control unit 21) turned off after the deletion of the data is completed.
  • With the above operation, it is hard for the third party to sense that the information terminal 20 is being started to delete the data on the data storage unit 27. Accordingly, it is expected that the information security can be reinforced in the case where the information terminal 20 is lost or stolen.
  • It is to be noted that the above information leakage prevention method may be realized as a program to be executed by a computer of the information terminal. The program includes: starting the information terminal and managing a power source of the information terminal; and controlling, upon starting of the information terminal, operation of at least one of plural devices of the information terminal. In the controlling, the at least one device is controlled so as to suppress operation that appeals to at least one of the five senses of human being when a flag stored in a nonvolatile storage unit indicates a state in which information leakage should be prevented. It goes without saying that such a program may be stored on a non-transitory computer-readable recording medium for use in a computer, such as a CD-ROM.
    • Example
  • The following describes a specific example of the above embodiment. It is to be noted that the information terminal in the present example is described using the state in which the information terminal is stolen (stolen state), as an example of the “state in which information leakage should be prevented”.
    • [Structure of Information Terminal]
  • FIG. 3 shows a block diagram of an information terminal 34 according to the example of the present invention, and FIG. 4 shows the perspective view showing its outlook. The information terminal 34 is a laptop personal computer, a compact information terminal, or the like. The information terminal 34 includes a device control unit 1, an input device group 5, an output device group 6, a communication module group 7, a CPU 2 of the information terminal 34, a storage device 3 such as a hard disc drive (HDD) or a flash memory drive (SSD) on which personal information of an end user and confidential information of a company may be stored, and a heat radiating fan 4 for cooling the information terminal 34. The storage device 3 is an example of the data storage unit 27 in FIG. 1. The CPU 2 functions as the data recording unit 26 in FIG. 1 when accessing to the storage device 3. The heat radiating fan 4 is an example of the device group 25 in FIG. 1.
  • The device control unit 1 is an example of the device operation control unit 22 in FIG. 1, and includes a Basic Input/Output System (BIOS) 10 and a power source microcomputer 12. The BIOS 10 has a function as the start control unit 21 in FIG. 1 and includes a nonvolatile storage area 11 that is an example of the nonvolatile storage unit 24 in FIG. 1. Although the start control unit 21 in FIG. 1 is typically realized by the BIOS 10 and the power source microcomputer 12, it may be realized by a resident program not shown in the diagram in addition to or instead of the BIOS 10 and the power source microcomputer 12.
  • The input device group 5 is an example of the device group 25 in FIG. 1, and is an input human interface device such as a key board 51, a touch screen 52, a touch pad 53, and a microphone 54. The output device group 6 is an example of the device group 25 in FIG. 1, and is an output human interface device such as a display panel 61, a speaker 62, and LED indicators 63 and 64.
  • The communication module group 7 is an example of the communication unit 23 in FIG. 1, and includes modules for communication, such as a LAN module 71, a wireless LAN module 72, and a wide area wireless module 73, and the firmware. The external input and output device group 8 is an example of the device group 25 in FIG. 1, and includes a port or a device slot group for external input and output, such as a USB port 81, an SD card slot 82, a DVD/CD drive 83, a PC card slot 84, and an ExpressCard slot 85.
    • [Operation of Information Terminal (Processing Flow)]
  • The following describes a flow of processing performed when the information terminal 34 structured as the above is lost or stolen, with reference to the sequence diagram shown in FIG. 5 and the flowchart shown in FIG. 6. In this example, it is assumed that the information terminal 34 is in a power-off state when it is lost.
  • When an owner 31 of the information terminal 34 finds that the information terminal 34 is lost or stolen, the owner 31 contacts an administrator 32 (call canter) (S101).
  • The administrator 32 confirms whether the person is the owner 31, connects an information terminal for operation (not shown) to an administrative server 33 using an administrative application, and operates the information terminal for operation, to update the state of the terminal of the owner on an administrative database from “normal” to “stolen state” (S102).
  • Using the update as a trigger, the administrative server 33 transmits, to the information terminal 34, a wide area wireless message (hereinafter also referred to as simply “message”) informing that the information terminal 34 has been changed to the “stolen state” (S103). It is to be noted that the message here is an example of the “information showing that the information terminal is in the state in which information leakage should be prevented”. That is, the “stolen state” is an example of the “state in which the information terminal is in the state in which information leakage should be prevented”.
  • Upon receiving the message notifying that the information terminal 34 is changed to the “stolen state” (S001), the wide area wireless module 73 mounted in the information terminal 34 automatically turns on the power source of the information terminal 34 (S002). It is to be noted that the message here also informs that the data in the information terminal 34 is to be deleted, and is therefore also serves as a “delete command”.
  • It is to be noted that an example of a method to automatically turn on the power source of the information terminal 34 includes: keeping the wide area wireless module 73 mounted in the information terminal 34 always supplied with power so that a message can be received; and, when a message is received by the wide area wireless module 73, driving a signal to the power source microcomputer 12 of the information terminal 34 (whereby the power source of the information terminal 34 is turned on), that is, starting or restarting the information terminal 34 by the start control unit 21.
  • The BIOS 10 determines whether or not the current starting is caused by the message notifying that the information terminal 34 is changed to the “stolen state” (namely, “delete command”) (S003), and when the result shows that the current starting is caused by the message notifying that the information terminal 34 is changed to the “stolen state” (namely, “delete command”) (Y in S003), updates the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11 of the BIOS 10, to the “stolen state” (S005).
  • In contrast, when it is determined that the current starting is not caused by the delete command (N in S003), the BIOS 10 does not change but keeps the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11, as it is.
  • Next, the device control unit 1 determines whether or not the flag, that indicates the state of the terminal and is stored in the nonvolatile storage area 11 of the BIOS 10, is in the “stolen state” (S004). When it is determined to be in the “stolen state” (Y in S004), the device control unit 1 controls the device (S006) according to an action setting that is preliminarily set for the stolen situation. Information for identifying the action setting for the stolen situation is stored in the nonvolatile storage area 11 of the BIOS 10. For example, when the information terminal 34 is changed to the “stolen state”, the action includes: whether or not to disable the input from the key board 51; whether or not to disable the input from the touch screen 52; whether or not to disable the input from the touch pad 53; whether or not to disable the input from the microphone 54; whether or not to turn off or dim the backlight of the display panel 61; whether or not to mute or reduce volume of the sound from the speaker 62; whether or not to turn off or dim the LED indicators 63 and 64; whether or not to disable the input and output I/F of the USB port 81; whether or not to disable the input and output I/F of the SD card slot 82; whether or not to stop driving of the DVD/CD drive 83; whether or not to disable the input and output I/F of the PC card slot 84; whether or not to disable the input and output I/F of the ExpressCard slot 85; and whether or not to stop or decrease the number of rotation to slow down the heat radiating fan 4. It is to be noted that only one of the above actions may be set, or a combination of plural actions may be set.
  • The following are examples of the action setting for the stolen situation and the effect. When the input device group 5 is set to be disabled, input operation by the key board 51 and the touch pad 53 becomes impossible. When the device group 6 is set to be disabled, the display panel 61 and the LED indicators 63 and 64 are turned off. When the external input and output device group 8 is set to be disabled, there is no response to various storage media inserted. When the heat radiating fan 4 is set to be disabled, the rotation sound of the heat radiating fan 4 disappears. Therefore, it appears to the third party as if the information terminal 34 were powered off even when the information terminal 34 has started.
  • Because it is possible to make the information terminal 34 unable to start, delete the data on the storage device 3 in the information terminal 34, or perform both of the above security measures (S007) in such a state, it is hard for the third party to sense that such a security measures is being performed.
  • Finally, after the security measures is performed, the power source of the information terminal 34 is automatically (namely, by the start control unit 21) turned off (S008).
  • It is to be noted that if the performance of the above security measures should be sensed and the power source should be turned off halfway, the security measures can be performed again by using, as a trigger, the reception of the message notification S103 by the information terminal 34 or the third party's turning on the power source of the information terminal 34.
  • After that, the information terminal 34 does not start even when the third party turns on the power source and the input and output operation cannot be performed even if the information terminal 34 starts, whereby the data cannot be read.
  • Furthermore, in the case where the third party turns on the power source of the information terminal 34 before the message S107 informing that the information terminal 34 is changed to the “stolen state” is received, that is, when it is determined on start-up that the flag, that indicates the state of the terminal and is stored on the nonvolatile storage area 11 of the BIOS 10, is not in the “stolen state” (S004), the information terminal 34 starts in the normal state (S009).
  • Even in such a case, if the information terminal 34 itself detects that an event showing that the information terminal 34 is lost or stolen has happened (S010) during normal starting (runtime), the BIOS 10 can update the flag, that indicates the state of the terminal and is stored in the nonvolatile storage area 11 of the BIOS 10, to the “stolen state” (S011).
  • After that, the information terminal 34 is forcibly powered off (S012) and then restarted (S002) (the restarting is performed by the start control unit 21, for example) so that the process of the above step S006 (security measures) is started. Therefore, even in such a case, with the action setting for the stolen situation, the security measures including the deletion of the data saved in the storage device 3 can be performed in the state in which it is hard to be sensed by the third party.
  • It is to be noted that the event showing being stolen (“stolen event”) S010 may be specified by the wide area wireless message from the administrative server 33 as in the present example, or, in some cases, the information terminal 34 itself generates such an event by periodically querying the administrative server 33 to check the administrative database held on the administrative server 33. For example, when the information showing that the information terminal 34 has been stolen is recorded in the administrative database held in the administrative server 33, the information terminal 34 may detect that it has been stolen by referring to the administrative database and generate an event showing that it is stolen.
  • Furthermore, in some cases, the information terminal 34 voluntarily generates a stolen event due to an internal factor using its timer or sensor. For example, a stolen event is automatically generated: when no communication has been made between a specific server over a given period; when the information terminal 34 detects, by using an acceleration sensor, that it is suddenly moved; and when the information terminal 34 detects, by using a device capable of obtaining position information, such as a GPS or a wireless access point, that it has been carried outside of a given area.
    • CONCLUSION
  • The information terminal 34 according to the present example includes a device control unit 1, a CPU 2, a storage device 3, and optionally, various devices including a heat radiating fan 4, an input device group 5, an output device group 6, a communication module group 7, an external input and output device group 8.
  • If the flag that indicates the state of the information terminal 34 is set to the “stolen state” (that is, the state in which information leakage should be prevented) on start-up of the terminal, according to the action setting for the stolen situation that is preliminarily set in the nonvolatile storage area 11 of the information terminal 34, the device control unit 1 performs at least one or a combination of actions. The actions include: disabling the input from the key board 51; disabling the input from the touch screen 52, disabling the input from the touch pad 53, disabling the input from the microphone 54, turning off or dimming the backlight of the display panel 61, muting or reducing volume of the sound from the speaker 62, turning off or dimming the LED indicators 63 and 64, disabling the input and output I/F of the USB port 81, disabling the input and output I/F of the SD card slot 82, stopping driving the DVD/CD drive 83, disabling the input and output I/F of the PC card slot 84, disabling the input and output I/F of the ExpressCard slot 85, stopping or decreasing the number of rotation to slow down the heat radiating fan 4.
  • Thus, it is possible to start the information terminal 34 without being sensed by the third party and the security measures which require a certain time period, such as deletion of the data in the storage device 3, can be performed more certainly. As a result, it is expected that the information security is reinforced.
  • Although the present example refers to reinforcing security by starting in a state in which it is hard to be sensed by the third party, it is expected that the security can also be reinforced by applying the present invention to an information terminal in a power-off state that is not necessarily in the stolen state. That is, the “state in which information leakage should be prevented” may include “when it is preferred that a third party cannot sense that the information terminal is started”, in the present invention.
  • For example, it is also expected to lower the third party's defenses. It is because, by applying the control performed by the device operation control unit in the above embodiment to the LED indicator 63 of the information terminal 34 that is powered off, it becomes impossible for the third party to sense that the wide area wireless module 73 is in a standby state.
  • Although the information terminal and the information leakage prevention method according to the present invention are described based on the embodiment and the example, the present invention is not determined by the embodiment and the example. Embodiments obtained by applying various modifications conceived by those skilled in the art to the above embodiment and the example, or embodiments structured by arbitrarily combining constituents of the embodiment and the example, within a scope that does not deviate from the spirit of the present invention, are also included within the scope of the present invention.
    • INDUSTRIAL APPLICABILITY
  • The present invention relates to information terminals. The present invention particularly relates to prevention of information leakage for the case where an information terminal, through which important data such as personal information and confidential information of a company are communicated, is lost or stolen, and can make it harder for a third party to sense that a security function in which a certain time period is required, such as deletion of internal data, is being executed by remote operation. Therefore, the present invention can be applied to any information terminals typified by a laptop personal computer, a PDA, and a mobile phone.

Claims (15)

1. An information terminal comprising:
a nonvolatile storage unit configured to store a flag that indicates whether or not said information terminal is in a state in which information leakage should be prevented;
a start control unit configured to start said information terminal and manage a power source of said information terminal;
a plurality of devices which operate upon starting of said information terminal; and
a device operation control unit configured to control operation of at least one of said devices,
wherein said device operation control unit is configured to control said at least one device so as to suppress operation that appeals to at least one of five senses of human being when the flag stored in said nonvolatile storage unit indicates the state in which information leakage should be prevented.
2. The information terminal according to claim 1,
wherein said start control unit is configured to start or restart said information terminal when the flag is set to indicate the state in which information leakage should be prevented, and
said device operation control unit is configured to control said at least one device so as to suppress the operation that appeals to at least one of the five senses of human being after the restarting.
3. The information terminal according to claim 1, further comprising
a communication unit configured to receive information via a wired or wireless connection,
wherein said device operation control unit is configured to set the flag to indicate the state in which information leakage should be prevented when said communication unit receives information showing that said information terminal is in the state in which information leakage should be prevented.
4. The information terminal according to claim 3, further comprising:
a data storage unit configured to store data; and
a data recording unit configured to record and delete data on said data storage unit,
wherein said data recording unit is configured to delete the data on said data storage unit when the flag stored in said nonvolatile storage unit indicates the state in which information leakage should be prevented.
5. The information terminal according to claim 4,
wherein said start control unit is configured to turn off the power source of said information terminal after the deletion of the data on said data storage unit is completed.
6. The information terminal according to claim 3,
wherein said information terminal has a start wait state in which said information terminal waits for a starting, and
in the start wait state, said communication unit is in a state in which said communication unit is able to receive the information showing that said information terminal is in the state in which information leakage should be prevented.
7. The information terminal according to claim 1,
wherein said at least one device is configured to perform at least one operation from among displaying, lighting of a backlight, lighting of an LED, rotating a blast fan, emitting sound from a speaker, operating an external input and output device that is connected to an external input and output port or an external input and output slot, and receiving a user input operation, as the operation that appeals to at least one of the five senses of human being.
8. The information terminal according to claim 7,
wherein said device operation control unit is configured to cause said at least one device to stop or dim the displaying, the lighting of the backlight, and the lighting of the LED, as control for suppressing the operation that appeals to at least one of the five senses of human being.
9. The information terminal according to claim 7,
wherein said device operation control unit is configured to cause said at least one device to stop or slow down rotating the blast fan, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
10. The information terminal according to claim 7,
wherein said device operation control unit is configured to cause said at least one device to stop emitting or reduce volume of the sound from the speaker, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
11. The information terminal according to claim 7,
wherein said device operation control unit is configured to cause said at least one device to stop operating the external input and output device that is connected to the external input and output port or the external input and output slot, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
12. The information terminal according to claim 7,
wherein said device operation control unit is configured to cause said at least one device to stop receiving the user input operation, as the control for suppressing the operation that appeals to at least one of the five senses of human being.
13. An information leakage prevention method for preventing information leakage from an information terminal, said method comprising:
starting the information terminal and managing a power source of the information terminal; and
controlling, upon starting of the information terminal, operation of at least one of a plurality of devices of the information terminal,
wherein, in said controlling, the at least one device is controlled so as to suppress operation that appeals to at least one of the five senses of human being when a flag stored in a nonvolatile storage unit indicates a state in which information leakage should be prevented.
14. The information leakage prevention method according to claim 13, further comprising
deleting data on a data storage unit of the information terminal when the flag stored in the nonvolatile storage unit indicates the state in which information leakage should be prevented.
15. A non-transitory computer-readable recording medium for use in a computer, said recording medium having a computer program recorded thereon for causing the computer to execute prevention of information leakage from an information terminal,
wherein said program includes steps in the information leakage prevention method according to claim 13.
US13/451,319 2011-04-19 2012-04-19 Information terminal and information leakage prevention method Active US8978156B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011092700 2011-04-19
JP2011-092700 2011-04-19

Publications (2)

Publication Number Publication Date
US20120317651A1 true US20120317651A1 (en) 2012-12-13
US8978156B2 US8978156B2 (en) 2015-03-10

Family

ID=47294299

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/451,319 Active US8978156B2 (en) 2011-04-19 2012-04-19 Information terminal and information leakage prevention method

Country Status (2)

Country Link
US (1) US8978156B2 (en)
JP (2) JP2012234531A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130125218A1 (en) * 2008-12-19 2013-05-16 Selim Aissi Method, apparatus and system for remote management of mobile devices
JP2014149729A (en) * 2013-02-01 2014-08-21 Mitsubishi Heavy Ind Ltd Theft self detection system, user terminal, theft self detection method, and program
US20140298491A1 (en) * 2013-04-02 2014-10-02 Dropbox, Inc. Techniques for recovering missing devices
US20150148007A1 (en) * 2013-11-25 2015-05-28 Asurion, Llc Phone lock system
US20220067139A1 (en) * 2020-08-25 2022-03-03 Kyndryl, Inc. Loss prevention of devices
US11698685B2 (en) * 2013-02-20 2023-07-11 Sony Interactive Entertainment Inc. Character string input system

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6045104B2 (en) * 2012-12-06 2016-12-14 ワンビ株式会社 Data erasing program, data erasing method, computer having data erasing function and data erasing management server
JPWO2014167721A1 (en) * 2013-04-12 2017-02-16 富士通株式会社 Data erasing device, data erasing method, program, and storage medium
JP6131159B2 (en) * 2013-09-20 2017-05-17 株式会社Nttドコモ Determination system, terminal, server device, server device control method and program
KR20180025356A (en) 2016-08-29 2018-03-09 삼성전자주식회사 Nonvolatile memory and nonvolatile memory system
JP7172609B2 (en) * 2019-01-09 2022-11-16 株式会社Ihi Information processing device and access restriction method for information processing device
WO2024048228A1 (en) * 2022-09-01 2024-03-07 パナソニックIpマネジメント株式会社 Electronic device and control method for electronic device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030143980A1 (en) * 2000-04-17 2003-07-31 Choi Sang Baek Security apparatus and method for information processing device using an e-mail
US6741851B1 (en) * 1999-10-30 2004-05-25 Samsung Electronics Co., Ltd. Method for protecting data stored in lost mobile terminal and recording medium therefor
US20060156052A1 (en) * 2004-10-27 2006-07-13 Bodnar Eric O Method and apparatus for management of data on handheld devices
US7299037B2 (en) * 2004-03-19 2007-11-20 Nokia Corporation Remote control over mobile communication terminals
US20070281664A1 (en) * 2004-11-17 2007-12-06 Takashi Kaneko Portable wireless terminal and its security system
US20080301820A1 (en) * 2007-05-29 2008-12-04 Jon Stevens Offline data delete with false trigger protection
US20090298468A1 (en) * 2008-06-02 2009-12-03 Chi Mei Communication Systems, Inc. System and method for deleting data in a communication device
US20100210240A1 (en) * 2009-02-17 2010-08-19 Flexilis, Inc. System and method for remotely securing or recovering a mobile device
US20100299749A1 (en) * 2003-08-23 2010-11-25 Softex Incorporated Secure Booting System And Method
US20110145927A1 (en) * 2009-12-16 2011-06-16 Verizon Patent And Licensing Inc. Method and system for providing remote configuration of missing mobile devices

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2750746B2 (en) * 1989-09-14 1998-05-13 日立マクセル株式会社 Method for preventing unauthorized use of portable terminal devices
JP2661582B2 (en) 1995-03-13 1997-10-08 日本電気株式会社 Subsystem for preventing unauthorized use of wireless mobile terminal in wireless mobile terminal system
JP2000276247A (en) * 1999-03-26 2000-10-06 Mitsubishi Electric Corp Portable terminal security system and portable terminal
JP2001230858A (en) * 2000-02-17 2001-08-24 Mitsubishi Electric Corp Mobile phone system and mobile phone
JP2003047065A (en) * 2001-08-01 2003-02-14 Dainippon Printing Co Ltd Terminal enabling to apply data leakage preventing operation from outside
JP2004140710A (en) * 2002-10-18 2004-05-13 Sony Corp Mobile phone terminal and control method therefor
JP4557506B2 (en) * 2003-05-28 2010-10-06 シャープ株式会社 Information processing device
JP2005071219A (en) * 2003-08-27 2005-03-17 Nec Soft Ltd Terminal information leak prevention system, terminal information leak prevention method and program
JP4143076B2 (en) * 2005-03-18 2008-09-03 日本無線株式会社 Mobile communication terminal with security function
JP2006270281A (en) * 2005-03-23 2006-10-05 Hitachi Ltd Remote data eraser for information leak prevention
JP4392756B2 (en) * 2005-04-25 2010-01-06 ソニー・エリクソン・モバイルコミュニケーションズ株式会社 Mobile communication terminal, control method and control program for mobile communication terminal, and communication system
JP2006287960A (en) * 2006-05-09 2006-10-19 Matsushita Electric Ind Co Ltd Security system for portable electronic apparatus
JP5015043B2 (en) * 2008-03-11 2012-08-29 Necパーソナルコンピュータ株式会社 Information processing system, information terminal, and program
JP5015044B2 (en) * 2008-03-11 2012-08-29 Necパーソナルコンピュータ株式会社 Information processing system, information terminal, and program
US8483659B2 (en) * 2009-02-26 2013-07-09 Qualcomm Incorporated Methods and systems for recovering lost or stolen mobile devices
JP5123238B2 (en) * 2009-03-24 2013-01-23 株式会社東芝 COMMUNICATION DEVICE, COMMUNICATION DEVICE STARTING METHOD, AND PROGRAM

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6741851B1 (en) * 1999-10-30 2004-05-25 Samsung Electronics Co., Ltd. Method for protecting data stored in lost mobile terminal and recording medium therefor
US20030143980A1 (en) * 2000-04-17 2003-07-31 Choi Sang Baek Security apparatus and method for information processing device using an e-mail
US20100299749A1 (en) * 2003-08-23 2010-11-25 Softex Incorporated Secure Booting System And Method
US7299037B2 (en) * 2004-03-19 2007-11-20 Nokia Corporation Remote control over mobile communication terminals
US20060156052A1 (en) * 2004-10-27 2006-07-13 Bodnar Eric O Method and apparatus for management of data on handheld devices
US20070281664A1 (en) * 2004-11-17 2007-12-06 Takashi Kaneko Portable wireless terminal and its security system
US8208897B2 (en) * 2004-11-17 2012-06-26 Fujitsu Limited Portable wireless terminal and its security system
US20080301820A1 (en) * 2007-05-29 2008-12-04 Jon Stevens Offline data delete with false trigger protection
US20090298468A1 (en) * 2008-06-02 2009-12-03 Chi Mei Communication Systems, Inc. System and method for deleting data in a communication device
US20100210240A1 (en) * 2009-02-17 2010-08-19 Flexilis, Inc. System and method for remotely securing or recovering a mobile device
US20110145927A1 (en) * 2009-12-16 2011-06-16 Verizon Patent And Licensing Inc. Method and system for providing remote configuration of missing mobile devices

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130125218A1 (en) * 2008-12-19 2013-05-16 Selim Aissi Method, apparatus and system for remote management of mobile devices
US8795388B2 (en) * 2008-12-19 2014-08-05 Intel Corporation Method, apparatus and system for remote management of mobile devices
JP2014149729A (en) * 2013-02-01 2014-08-21 Mitsubishi Heavy Ind Ltd Theft self detection system, user terminal, theft self detection method, and program
US11698685B2 (en) * 2013-02-20 2023-07-11 Sony Interactive Entertainment Inc. Character string input system
US20140298491A1 (en) * 2013-04-02 2014-10-02 Dropbox, Inc. Techniques for recovering missing devices
US9710678B2 (en) * 2013-04-02 2017-07-18 Dropbox, Inc. Techniques for recovering missing devices
US20170270322A1 (en) * 2013-04-02 2017-09-21 Dropbox, Inc. Techniques for recovering missing devices
US10181058B2 (en) * 2013-04-02 2019-01-15 Dropbox, Inc. Techniques for recovering missing devices
US20150148007A1 (en) * 2013-11-25 2015-05-28 Asurion, Llc Phone lock system
US20220067139A1 (en) * 2020-08-25 2022-03-03 Kyndryl, Inc. Loss prevention of devices

Also Published As

Publication number Publication date
US8978156B2 (en) 2015-03-10
JP2012234531A (en) 2012-11-29
JP2016076274A (en) 2016-05-12
JP6191847B2 (en) 2017-09-06

Similar Documents

Publication Publication Date Title
US8978156B2 (en) Information terminal and information leakage prevention method
CN105929925B (en) Electronic device and method for managing power in electronic device
US9591121B2 (en) Function controlling method and electronic device supporting the same
KR102148948B1 (en) Multi tasking method of electronic apparatus and electronic apparatus thereof
US10528434B2 (en) Method, device and terminal for restoring firmware program
KR102395868B1 (en) Electronic device and applacation controlling method thereof
CN108702421B (en) Electronic device and method for controlling applications and components
CN109964227B (en) Method and terminal for updating SELinux security policy
CN107168818B (en) Terminal and machine-refreshing failure recovery method
KR102325888B1 (en) Electronic device and method for detecting water in electronic device
KR20160051071A (en) Electronic device and method for controlling power in electronic device
KR102496058B1 (en) Scan method in wireless local area network and electronic device implementing the same
JP5652297B2 (en) Information terminal, information leakage prevention method and information leakage prevention program
CN106681813B (en) System management method and device
KR20190024169A (en) Method for probiding smart key service and electronic device thereof
KR20170089246A (en) Device and method for managing hibernation in plural operating systems environment
US8909911B2 (en) Power-on/off management system and method of communication device
KR20180069640A (en) Method for charging electronic device, electronic device, and storage medium
US9841963B2 (en) Method and apparatus for managing application
KR20180130684A (en) Method for preventing electric shock and electronic device for the same
WO2023056830A1 (en) Working voltage processing method and apparatus, electronic device and storage medium
JP5765610B2 (en) Mobile communication terminal, crime prevention method and program
US11954502B2 (en) Electronic apparatus and the control method thereof
CN107766089B (en) System starting method and device
KR102515282B1 (en) Method and electronic device for controlling power supply

Legal Events

Date Code Title Description
AS Assignment

Owner name: PANASONIC CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SAITO, SHUNSUKE;REEL/FRAME:028448/0165

Effective date: 20120524

AS Assignment

Owner name: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PANASONIC CORPORATION;REEL/FRAME:034194/0143

Effective date: 20141110

Owner name: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PANASONIC CORPORATION;REEL/FRAME:034194/0143

Effective date: 20141110

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD., JAPAN

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ERRONEOUSLY FILED APPLICATION NUMBERS 13/384239, 13/498734, 14/116681 AND 14/301144 PREVIOUSLY RECORDED ON REEL 034194 FRAME 0143. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:PANASONIC CORPORATION;REEL/FRAME:056788/0362

Effective date: 20141110

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8